1. Field of the Invention
The present invention relates to an information processing apparatus with a software protecting function and in particular relates to an information processing apparatus having an encryption unit which encrypts processed data or a decryption unit which decrypts the encrypted data to be processed, or both.
2. Discussion of the Related Art
In the case where created programs or data are distributed (hereinafter, programs and data are simply and inclusively referred to as "data" unless otherwise noted), it is necessary to protect the data from being stolen, tampered with or used in unauthorized manner. As the protection means, so far, methods, such as storing the data in a ROM, floppy disk, or the like to render them copy-protected, have been employed. However, these methods allow the contents of the data being read without difficulty; therefore the data cannot be protected perfectly.
In another way, it is possible to enable only the user who has a decryption key to decrypt and use data upon decrypting the data and distributing them. However, according to this method, the decrypted programs or data are unprotected, which results in a security hole and may allow theft, tampering or unauthorized use of the data.
As a technique for resolving the above-described problems, a Japanese Patent Laid-Open Publication No. Hei. 2-155034 (1990) has disclosed an information processing apparatus in which the data is encrypted and stored in a memory or the like and then decrypted when executed in a CPU so that decrypted programs or data may not be accessed in unauthorized manner. According to the method, the encryption unit and the decryption unit are disposed inside of the information processing apparatus for protecting the data, and thereby software is protected. The information processing apparatus is now described more specifically below.
FIG. 18 is a block diagram showing a conventional information processing apparatus designed to protect the software. The information processing apparatus shown in FIG. 18 has a CPU 510, a storage device 523, an input device 521, an output device 522 and a key input device 524. The CPU 510 further comprises an arithmetic unit 511, a control unit 512, an encryption/decryption unit 513 and a key storage unit 514.
The CPU 510 functions as the center of the information processing apparatus and performs data operation, control of other units, and so forth. The storing unit 523 stores data, and transmits/receives data to/from the encryption/decryption unit 513 in the CPU 510 under the control of the CPU 510.
The input device 521 receives data from the outside of the information processing apparatus under the control of the CPU 510. The output device 522 outputs the data processed by the information processing apparatus to the outside under the control of the CPU 510. The key input device 524 sets a group of keys necessary to perform encryption or decryption in the CPU 510.
The arithmetic unit 511 in the CPU 510 performs arithmetic operation or logical operation on the data given by the input device 521 or storage device 523. The control unit 512 interprets instructions provided by the storing device 523 to control all over the information processing apparatus. The key storing unit 514 stores the keys set by the key input device 524. The encryption/decryption unit 513 is located between the storing device 523 and the arithmetic unit 511, which decrypts the instructions and data having been encrypted by utilizing a key in the key storage unit 514 so that the arithmetic unit 511 may interpret them, and also encrypts the result of operation performed in the arithmetic unit 511 by utilizing the key in the key storing unit 514 and then stores it in the storage device 523.
With the above-described construction, the data to be stored in the storage device 523 can be constantly kept encrypted. Accordingly, if the data in the storing unit 523 is stolen, it is difficult to analyze its content, and thereby the secrecy of the data can be improved.
In such information processing apparatus with a software protecting function, the programs or data which have been encrypted and stored should be decrypted one after another when they are executed. Therefore, overhead in decryption process must be taken into consideration, and thereby an encryption method adopting a relatively simple algorithm with a small computation amount, XOR for example, should be used. As a result, a problem occurs that the encryption security is deteriorated. Accordingly, it is necessary to raise the level of the encryption security as high as possible even though the encryption method adopting a relatively simple algorithm is used.
For raising the encryption security level, efforts have been made in changing the encryption method to be rendered secret. However, if such method is employed, another problem occurs that interchangeability between data is greatly lost, and besides, in each apparatus, it does not necessarily follow that the encryption security is increased because the encryption algorithm or encryption key may be analogized based on the frequency of a specific instruction code appearing in the program or correspondence between the encrypted program and operation of the apparatus.
As described above, sufficient encryption security level cannot be obtained by simply rendering the encryption method secret, and therefore some other methods for obtaining high encryption security level with a small computation amount have been considered, which are described as follows.
A first example is a method of changing the encryption algorithm per every memory address (area), which is disclosed by a Japanese Patent Laid-Open Publication No. Sho. 63-184853 (1988), as "portable electronic device". For the device, a data memory unit divided into plural areas, a control unit for reading/writing data from/to the data memory unit are provided, wherein one of different encryption algorithms is assigned to each area of the data memory unit. Accordingly, the encryption algorithm or encryption key can be changed per every address or area, and thereby the secrecy of the data is increased.
A second example is a method of encrypting a piece of data on an address in a memory and all other data by the piece of data itself, which is disclosed by Japanese Patent Laid-Open Publication No. Hei. 4-229346 (1992), as "encryption of addressed information stream to be used for program code protection". The object of the method is to test or transfer the protected programs or data stored in the Erasable and Programmable Read Only Memory (EPROM) without disclosure. According to the method, it is unnecessary to especially provide a key byte for storing an encryption key because the encryption key is a piece of data stored in the memory; therefore the silicon area of the EPROM is not wasted. Moreover, since the data region used as the encryption key is also encrypted by itself; therefore, if the exclusive NOR gate is used as the encryption method, for example, the data region used as the encryption key may be the output byte of the logical value FFh, whereby the encryption key can be kept secret.
A third example is the method of raising the level of the encryption security by utilizing the Cipher Block Chaining (CBC) or the Cipher Feed Back (CFB), which is the operation mode of the Data Encryption Standard (DES: an encryption algorithm disclosed by the Standards Bureau, U.S. Department of Commerce, currently the American National Standards Institute on 1977) instead of plural encryption keys. The CBC and CFB modify the input of the next encryption step by using the output of the preceding encryption step.
In the DES, the data to be encrypted is divided into data blocks of 64 bits, and then the blocks are processed one by one. The CBC uses not only the data and decryption key of every block, but also a value obtained by encryption of the preceding block. The CFB encrypts the first block and uses the encrypted data obtained thereby as the input to the DES to generate a pseudo random output. The output is further concatenated to the data of the next block for generating a cipher text. The cipher texts are sequentially concatenated by repeating the process. According to the method of CBC or CFB, the encrypted blocks are influenced with each other; and therefore, it is possible to relate not only an encrypted block to an immediately preceding encrypted block, but also each of all other encrypted blocks to another one. Consequently, the blocks cannot be decrypted in an order other than the predetermined one.
As a fourth example, "an encryption-communication method" is disclosed by Japanese Patent Laid-Open Publication No. Hei. 4-101529 (1992), wherein an encrypted electronic filing document in which an encryption key is embedded is transmitted, and the encryption key is extracted from the received encrypted electronic filing document, and then the encrypted electronic document is decoded and interpreted by using the extracted encryption key. In the encryption-communication method, the encryption key is directly embedded in the encrypted electronic document and the position where the key is embedded is determined by a random number value provided by the number of times of communication with the receiver. Each of the transmitter and the receiver has a counter of the number of communication times and random number generation means for generating a random number corresponding to the value of the counter. With this construction, it is possible to change the encryption key in every communication and thereby make it difficult for any third person to tap the key.
However, each of the above-described methods designed for raising the level of the encryption security with a small computation amount has the problems as follows.
The method shown as the first example which changes the encryption algorithm or encryption key corresponding to the address or area has a good effect on a memory in which the relation between the data and data address is not changed, such as a ROM. However, currently the computer having a virtual memory is the mainstream, and the method cannot be applied thereto.
That is, in the computer having the virtual memory, the storage unit used by a processor has a hierarchical structure comprising a main memory and a secondary memory. In this case, the address of the encrypted data on the main memory is frequently changed whenever the encrypted data is swapped in the main memory from the secondary memory, or is swapped out of the main memory to the secondary memory. As a result, a problem occurs that the encrypted data on the data address does not match with the encryption algorithm or encryption key.
In the method shown as the second example, the region to be encrypted is determined by the address; therefore, as same as the method of the first example, it cannot be applied to the computer having a memory with the hierarchical structure.
The method shown in the third example uses only a single encryption key in practice, which causes a problem that if the encryption key is found, all other data are readily analyzed and interpreted.
The method shown in the fourth example is the encryption method applied to the communication, wherein the encryption key itself is embedded in the encrypted electronic document so that the transmitter and the receiver may not need to share the encryption key. Consequently, if the position where the encryption key is embedded is known to the person with the intent to commit tapping, the encryption key itself is found by him. To avoid this problem, the fourth example changes the position where the encryption key is embedded in accordance with the random number value determined based on the number of times of communication. Therefore, the transmitter and the receiver are required to operate synchronously for accurate communication of the data therebetween, that is, the order of encryption and decryption must be the same. However, in a memory of an information processing apparatus on the basis of random access, it is impossible in practice to adopt the method. I
In many cases, the unit of data processed by the information processing apparatus may be the same number of bits (for example, 32 bits or 64 bits) for improving the processing efficiency. Therefore, the data having the number of bits of the encryption key is added, the difference occurs in the data size between the data before encryption and the encrypted data. Software should be designed on the premise that the encryption causes difference in the data size, which results in a great loss of versatility of the software; and besides, information about the partial encryption method must be published to a software developer, and accordingly the encryption security is extremely deteriorated.
To maintain the versatility of the software, the change of the data size should be made up for by the hardware; therefore drastic design change of architecture of the information processing apparatus is required.
In addition, the unit of data to be processed by the information processing apparatus is generally shorter than that used in communication; therefore the ratio of the size of the encryption key data to the size of whole data to be encrypted becomes too large. As a result, a problem occurs that the memory space of the storage device cannot be effectively used. If the size of the encryption key data is reduced to prevent waste of the space in the memory, the encryption security level is lowered.
As means for resolving the problem in the method shown in the first example, it is possible to have the encryption algorithm or encryption key match with the encrypted data on the address by making the address or area correspond to the virtual memory space, on condition that such virtual address must be administrated by an operating system (hereinafter referred to as OS). In general, the OS is provided as the software, and consequently, OS is easily tampered with by concentratively cryptanalizing a part of the OS where control of switching of the encryption algorithm or encryption key is performed, especially in the case of such system with relatively low level of encryption security. As a result, tampering such as to directly output the data once decrypted in the apparatus to the outside is possible, which causes a problem that all data are analyzed and interpreted by tampering with only a part of the OS.
As described so far, conventionally it has been difficult to obtain high level of encryption security with a small computation amount independent of the memory administration method of a computer. The encryption method using plural keys or encryption algorithms makes it possible to obtain the high level of encryption security with a small computation amount, on condition that, even in this case, there is no complex key administration carried out by the OS.